Learning from supervision: what recent enforcement actions tell us about structural areas for improvement in the trust sector

In recent times, De Nederlandsche Bank (DNB) has intervened on multiple occasions at trust offices. In several cases, this led to instructions or enforcement actions due to structural shortcomings in compliance with the Trust Offices (Supervision) Act 2018 (Wtt 2018). Such measures often have a major impact: they not only affect the reputation of a firm, but also expose vulnerabilities in processes, risk assessments, and internal controls. In this article, we translate several recent supervisory findings into lessons that can be directly applied in the day-to-day practice of trust offices.

Client due diligence as a missed starting point

In multiple supervisory processes, DNB found that trust offices provided services without having completed the client due diligence. Work was carried out using incomplete information about ultimate beneficial owners (UBOs), unclear structure charts, and limited investigation into the origin of funds. In some cases, this was limited to a brief statement.

The lesson is clear: client due diligence is not a formality that can run parallel to service delivery. It is the foundation on which everything rests. Without a completed investigation in advance, there is no insight into integrity risks. The documentation requirement also becomes highly relevant here: the client file must not only exist, but be complete, up to date, and well-substantiated. Periodic review is essential, especially for clients with an elevated risk profile or in cases of structural changes.

Structure overview without coherence

DNB has found in several cases that the overview of ownership structures and control was missing or incomplete. In a number of files, no up-to-date overview of the group structure was found, statements about the economic function of entities were lacking, and the purpose of the structure remained unclear. Additionally, registration requirements for foreign entities were often not documented.

These signals underline the importance of up-to-date and complete structure charts. But just as important is the context: trust offices must be able to explain the purpose of the structure and how it relates to the risk profile. Without this explanation, there is no control. Furthermore, offices must actively verify that all involved entities are correctly registered, including archiving supporting documents.

Origin of funds and authority under scrutiny

In some enforcement actions, DNB found that the origin of funds was insufficiently substantiated. Often, vague statements or outdated documents were used. Additionally, in several cases, the authority of representatives could not be demonstrated; legal documents such as powers of attorney or board resolutions were missing from the file.

This makes clear that accepting client statements without evidence is not sufficient. Trust offices must dig deeper: where does the capital come from? What are the contractual arrangements? And how is this substantiated? At the same time, it must always be formally established who is authorised to act on behalf of the client. Relying on an email or profile is not enough. Only formal documents can confirm the identity and authority of a representative.

When warnings do not lead to change

In some cases, DNB found that previously identified shortcomings had not been addressed. Once again, files were encountered in which the client due diligence was inadequate, without earlier warnings having been acted upon. In some instances, UBO identification was also lacking, with insufficient verification of interests and financial positions.

These situations emphasise the importance of being a learning organisation. Supervision is not optional: signals or shortcomings must lead to demonstrable action. A healthy compliance culture means that procedures are not only present on paper, but are actually followed, evaluated, and adjusted. Moreover, UBO identification must be thorough, using multiple sources and without assumptions based on reputation or family ties.

What else we can learn from recent supervisory measures

In addition to the above findings, further lessons can be drawn from other supervisory measures that are at least as important. One of these is the importance of a well-developed risk analysis. Too often, integrity risks – such as involvement in dual-use goods or countries under sanctions – are underexposed. An effective SIRA requires concrete risk assessments based on current sources and must be translated into the client due diligence.

Transaction monitoring also remains a structural point of concern. Many offices work with general or outdated transaction profiles that do not sufficiently reflect the client’s behaviour. Monitoring must be proactive and regular, supported by systems, and deviations must lead to concrete actions that are properly documented.

Finally, it turns out that registration obligations within group structures are frequently overlooked. Trust offices insufficiently check whether entities are registered in the commercial register of the relevant country, and supporting documents are missing from the file. This makes it difficult to maintain control over the structure and involved parties.

Checklist: are you ready for supervision?

The enforcement actions reveal a clear picture: supervision is about more than compliance alone. It is about demonstrably maintaining control over risks, structures, and integrity. This checklist helps you determine whether your organisation has already translated the key lessons into practice:

• Client due diligence: Is it complete, up to date, and conducted before the start of service provision? Is it reviewed periodically and properly documented?
• Integrity risks: Are sectors, products, and countries concretely analysed for risks? Are risk assessments well-substantiated and documented?
• Origin of funds: Is the source of capital traceable, substantiated, and supported by documentation?
• UBOs: Are UBOs identified and verified using multiple sources, including interest and wealth?
• Legitimacy of funds: Are statements verified? Are unusual transactions documented and reported where necessary?
• Structure overview: Is there an up-to-date, substantiated structure chart with checks on control and registrations?
• Registration obligations: Are all entities within the structure correctly registered and is proof of this included in the file?
• Purpose of the structure: Is it clear what the purpose is of each entity and how it fits into the client’s risk profile?
• Transaction monitoring: Are transactions proactively and timely monitored, with concrete profiles that are updated?
• Authority of representatives: Are representatives demonstrably authorised through legal documents?
• Compliance culture: Are earlier signals and findings followed up with structural improvement measures? Is compliance embedded throughout the organisation?

Conclusion

DNB’s enforcement measures show that a number of trust offices have fallen short in several areas of compliance with the Wtt 2018. The impact of an enforcement measure is significant and can have far-reaching consequences for the organisation.

Would you like to be prepared for a potential supervisory visit? Or would you like your processes and files to be assessed for effectiveness? Contact one of the consultants at Projective Group to discuss the possibilities.